IS 2150 / TEL 2810 Introduction to Security

Outline
- Objectives
- What is Authentication?
- Authentication System: Definition
- Authentication System: Passwords
- Passwords
- Authentication System
- Attacks on Passwords
- Password Selection
- Authentication Systems: Challenge-Response
- Authentication Systems: Biometrics
- Attacks on Biometrics
- Vulnerability Analysis
- Techniques for Detecting Vulnerabilities
- Types/layers of Penetration Testing
- Red Team Approach: Flaw Hypothesis Methodology
- Problems with Penetration Testing
- Vulnerability Classification
- Example flaw: xterm log
- Example: Finger Daemon (exploited by Morris worm)
- RISOS: Research Into Secure Operating Systems (7 classes)
- Protection Analysis Model Classes
- PA flaw classes
- NRL Taxonomy
- NRL Taxonomy (Genesis)
- NRL Taxonomy: Time
- NRL Taxonomy: Location
- Aslam's Model
- Common Vulnerabilities and Exposures (cve.mitre.org)

Slide 1: IS 2150 / TEL 2810 Introduction to Security
James Joshi, Associate Professor, SIS
Lecture 10, Nov 15, 2011
Authentication, Identity; Vulnerability Analysis

Slide 2: Objectives
Understand/explain the issues related to, and utilize the techniques of:
- Authentication and identification
- Vulnerability analysis/classification
  - Techniques
  - Taxonomy

Slide 3: Authentication and Identity

Slide 4: What is Authentication?
Authentication: binding an identity and an external entity to a subject.
How do we do it?
- Entity knows something (a secret): passwords, id numbers
- Entity has something: badge, smart card
- Entity is something: biometrics, e.g. fingerprints or retinal characteristics
- Entity is in some place: source IP, restricted-area terminal

Slide 5: Authentication System: Definition
- A: set of authentication information used by entities to prove their identities (e.g., a password)
- C: set of complementary information used by the system to validate authentication information (e.g., the hash of a password, or the password itself)
- F: set of complementation functions (to generate C); f : A → C generates the appropriate c ∈ C given a ∈ A
- L: set of authentication functions; l : A × C → {true, false} verifies identity
- S: set of selection functions; generate/alter A and C, e.g., commands to change a password

Slide 6: Authentication System: Passwords
Example: plaintext passwords
- A = C = alphabet*
- f returns its argument: f(a) returns a
- l is string equivalence: l(a, b) is true if a = b
Complementation function
- Null (return the argument, as above): requires that c be protected, i.e. the password file needs to be protected
- One-way hash: a function such that the complementary information c = f(a) is easy to compute, but f^-1(c) is difficult to compute

Slide 7: Passwords
Example: original Unix
- A password is up to eight characters; each character could be one of 127 possible characters, so A contains approx. 6.9 × 10^16 passwords
- The password is hashed, using one of 4096 functions, into an 11-character string
- 2 characters are prepended to indicate the hash function used
- C contains strings of 13 characters, each character from an alphabet of 64 characters: approximately 3.0 × 10^23 strings
- Stored in the file /etc/passwd (all can read)

Slide 8: Authentication System
Goal: identify the entities correctly
Approaches to protecting:
- Hide enough information so that one of a, c or f cannot be found
  - Make C readable only to root
  - Make F unknown
- Prevent access to the authentication functions L
  - root cannot log in over the network

Slide 9: Attacks on Passwords
Dictionary attack: trial-and-error guessing
- Type 1: attacker knows A, F, C; for a guess g, compute f(g) for each f in F
- Type 2: attacker knows A, l; l returns true for a guess g
Counter: difficulty based on |A| and time
- Let P be the probability of breaking a password within T time units, and G the number of guesses that can be tested in one time unit
- Then |A| ≥ TG/P
- Assumptions: time is constant; all passwords are equally likely

Slide 10: Password Selection
- Random
  - Depends on the quality of the random number generator and the size of legal passwords
  - 8 characters: humans can remember only one
- Pronounceable nonsense
  - Based on units of sound (phonemes)
  - Easier to remember
- User selection (proactive selection)
  - Controls on allowable passwords: at least 1 digit, 1 letter, 1 punctuation, 1 control character
  - Obscure poem verse

Slide 11: Password Selection
- Reusable passwords are susceptible to dictionary attack (type 1)
- Salting can be used to increase the effort needed
  - Makes the choice of complementation function a function of randomly selected data
  - The random data is different for different users
  - The authentication function is chosen on the basis of the salt
  - Many Unix systems: a salt is randomly chosen from 0..4095; the complementation function depends on the salt

Slide 12: Password Selection
- Password aging
  - Change the password after some time, based on the expected time to guess a password
  - Disallow changing to any of the previous n passwords
- The fundamental problem is reusability: a replay attack is easy
- Solution: authenticate in such a way that the transmitted password changes each time

Slide 13: Authentication Systems: Challenge-Response
Pass algorithm
- The authenticator sends a message m
- The subject responds with f(m)
- f is a secret encryption function
Example: ask for a second input based on some algorithm

Slide 14: Authentication Systems: Challenge-Response
One-time password: invalidated after use (f changes after use)
S/Key uses a hash function h (MD4/MD5)
- The user chooses an initial seed k
- The key generator calculates k_1 = h(k), k_2 = h(k_1), …, k_n = h(k_{n-1})
- Passwords are used in the order p_1 = k_n, p_2 = k_{n-1}, …, p_n = k_1
- Suppose p_1 = k_n is intercepted; the next password is p_2 = k_{n-1}. Since h(k_{n-1}) = k_n, the attacker needs to invert h to determine the next password

Slide 15: Authentication Systems: Biometrics
Used for human subject identification based on physical characteristics that are tough to copy
- Fingerprint (optical scanning): cameras needed (bulky)
- Voice: speaker verification (identity) or speaker recognition (information content)
- Iris/retina patterns (unique for each person): laser beaming is intrusive
- Face recognition: facial features can make this difficult
- Keystroke interval/timing/pressure

Slide 16: Attacks on Biometrics
- Fake biometrics
  - Fingerprint "mask"
  - Copy a keystroke pattern
- Fake the interaction between device and system
  - Replay attack
- Requires careful design of the entire authentication system

Slide 17: Vulnerability Analysis

Slide 18: Vulnerability Analysis
Vulnerability or security flaw: specific failures of security controls (procedures, technology or management)
- Errors in code
- Human violators
- Mismatch between
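The (A, C, F, L, S) model from the definition slide, combined with the salted one-way complementation function of the salting slide and the |A| ≥ TG/P bound, as an added example that is not part of the lecture. The salt range 0..4095 follows the slide; SHA-256 over salt||password and all function names are assumptions.

```python
import hashlib
import secrets

# Toy instance of the (A, C, F, L, S) model with a salted one-way
# complementation function. The salt range 0..4095 is the one the slides
# give for Unix; SHA-256 over salt||password is our own stand-in hash.
SALT_RANGE = 4096

def complement(salt: int, a: str) -> str:
    """f_salt in F: A -> C, one-way. Which f is used depends on the salt."""
    return hashlib.sha256(salt.to_bytes(2, "big") + a.encode()).hexdigest()

def set_password(store: dict, user: str, a: str) -> None:
    """S: generate/alter the stored pair (salt, c) for a user."""
    salt = secrets.randbelow(SALT_RANGE)
    store[user] = (salt, complement(salt, a))

def authenticate(store: dict, user: str, a: str) -> bool:
    """l in L: A x C -> {true, false}, with f chosen by the stored salt."""
    if user not in store:
        return False
    salt, c = store[user]
    return secrets.compare_digest(complement(salt, a), c)

def type1_hashes_needed(dictionary_size: int, salted: bool) -> int:
    """Work for a Type 1 attacker (knows A, F, C) to tabulate f(g) for
    every dictionary word g: one hash per word without salt, one per
    word per possible salt once salting is in use."""
    return dictionary_size * (SALT_RANGE if salted else 1)

def min_password_space(t: float, g: float, p: float) -> float:
    """The slides' bound |A| >= TG/P: the smallest password space for
    which T time units of G guesses each succeed with probability <= P."""
    return t * g / p
```

Two users with the same password get different c values whenever their salts differ, which is why a single precomputed dictionary table no longer covers every account.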
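The S/Key one-time password chain from the challenge-response slides, carried through as an added example that is not the lecture's or S/Key's own code: the chain k_1 = h(k), …, k_n = h(k_{n-1}) is generated, the passwords are spent in the order p_1 = k_n, …, p_n = k_1, and a verifier checks each one. SHA-256 in place of MD4/MD5, the verifier's initial stored value h(k_n), and all names are assumptions.

```python
import hashlib

def h(x: bytes) -> bytes:
    """One-way hash h. S/Key used MD4/MD5; SHA-256 is our substitution."""
    return hashlib.sha256(x).digest()

def generate_chain(seed: bytes, n: int) -> list:
    """Key generator: k1 = h(k), k2 = h(k1), ..., kn = h(k(n-1)).
    Returns [k1, ..., kn]; chain[i-1] holds k_i."""
    chain, k = [], seed
    for _ in range(n):
        k = h(k)
        chain.append(k)
    return chain

def password_sequence(chain: list) -> list:
    """Passwords are spent in reverse: p1 = kn, p2 = k(n-1), ..., pn = k1."""
    return list(reversed(chain))

class SKeyVerifier:
    """Server side. Stores neither the seed nor the chain, only the last
    password accepted (initialised, by assumption, to h(kn) so that the
    first password p1 = kn verifies). A candidate p is accepted iff h(p)
    equals the stored value; p then replaces it, so replaying a spent
    password fails because h(p) no longer matches what is stored."""

    def __init__(self, last_password: bytes):
        self.last = last_password

    def login(self, p: bytes) -> bool:
        if h(p) != self.last:
            return False
        self.last = p
        return True

def run_session(seed: bytes = b"constructed seed k", n: int = 5):
    """Walk one chain through a verifier. Returns (per-login results,
    result of replaying p1, whether hashing the intercepted p1 forward
    yields p2)."""
    chain = generate_chain(seed, n)
    pws = password_sequence(chain)
    server = SKeyVerifier(h(chain[-1]))
    accepted = [server.login(p) for p in pws]
    replay = server.login(pws[0])          # p1 again: rejected
    # Intercepting p1 = kn gives h(p1) = k(n+1), not p2 = k(n-1); getting
    # p2 from p1 means inverting h, which the one-way property rules out.
    forward_hash_yields_next = h(pws[0]) == pws[1]
    return accepted, replay, forward_hash_yields_next
```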